Hello everyone, i've been racking my brains for the last few days figuring out why i cant sniff my twitter android app traffic anymore!
Basically what worked before was that i had simply installed fiddler/charles proxy on my PC, exported the root certificate (and added it to my android devices CA storage), then i installed cydia's mobile substrate and Android-SSL-TrustKiller because apparently the twitter apk uses certificate pinning that needs to be bypassed in order to properly MitM the app. I set my android wifi proxy settings to the same ip : port as the machine that fiddler/charles is listening on.
Unfortunately this does not work anymore and im left unable to properly read twitters app traffic, whereas googleplay, facebook, instagram, etc etc all work fine. It had worked fine until a few days ago. I hadn't updated my twitter app either so im just not sure how it could have broke itself.
I tried proxydroid (which uses iptables i believe), and fiddler showed attempts at connecting to one of twitters ip, but it never goes through (i believe this is an issue with the IP not resolving to the host-name correctly, which causes certificate name mismatch errors)
I'm incredibly vexed... i'll pay a fair amount to anyone who can help me properly diagnose and fix this issue.
If it helps, im on a SGS3 android version 4.1.2 (I even tried genymotion emulator, yielding the same results). Perhaps if someone can sucessfully perform this on their own device, they can help me along to identify the issue.
Related
Hello there, im a new HD2 user, and happy with it for now. Thanks to this forum I found loads of tips/tricks/appz to customize it or optimize it.
Only thing left, I tried to install Google Gmail (java app). The application installs correctly, and the WM asks me if I want to launch the app, I tap "OK", and then the Java engine starts, and just seems to hang (waited a LONG time) while loading.
If I launch the Java icon (under tools), I find that Gmail application, and the problem remains. Perhaps it is due to the fact that I have only internet from WiFi at the moment, but I managed to tell Java to use the WiFi instead of 3G, but no changes... (I was forced to allow Outlook to use the WiFi instead of 3G)
Should I find a way to uninstall Java to reinstall a recent release ? Any links / clues ?
Tx !
found this also:
google.ru_support_forum_p_android_thread?tid=57c8ba10a48680e3&hl=en
Perhaps something to modify in this app :'(
I've got my Gtablet working on a school system wireless network that uses Websense for filtering. I can get the web browser to work with Websense by putting in my Windows credentials so I can browse. However, some apps, like App Store don't work and I assume they are being blocked by Websense since other applications like the Weather Channel do work. Does anyone know of a work-around?
By the way, thanks to all who have posted in this forum, especially the developers. I am a total n00b but I've learnd tons already. This morning I repaced the system tools so I could configure the wireless to use 802.1x EAP and then set them back again.
Tim
Gtalk always shows me as connected through 3 Android resources even though I am not actually logged in to google chat from anywhere (android phone, computer or any other device). I used trillian to identify these three resources and all three are similar except the stars (which are alpha numeric) which are MessagingA*******1.1 ("A" here means android device)
I searched google a lot but couldn't find any solution to this and finally posting this in xda because the connection is through android device so may be I can find a solution here.
I used pidgin --> logged in using these resources --> logged off assuming this will solve the log off the resources...it worked but in 15 mins the same resource is back online. I also tried changing the password but no help.
I change my ROM a lot and use Gtalk/Hangout. So I believe these resources are the one which I didn't logged off before changing the ROM.
Any help guys?
So for ages now ive been using Xposed modules and such like Fiddler to bypass SSL Pinning.
Its worked 70% of the time, but that 30% it doesnt work is really frustrating.
Im trying to SSL Unpin "SUBWAY UK" By AltaineApps.
I managed to decompile the APK, go to smali_classes2/com/square/okhttp/CertificatePinner.smali and patch out near line 155 (simple return-void would work here according to: https://github.com/square/okhttp/bl...va/com/squareup/okhttp/CertificatePinner.java)
It recompiled fine (I had to zipalign) and it opened and went fine but it still wasnt showing up in fiddler with fiddler as system proxy (with its cert installed).
This actually occurs a lot where it doesnt send data to fiddler.
What I usually do in this instance is run "Packet Capture" and it would usually pick it up.
But lots of apps now block if you are using a VPN or Proxy so that might be the reason that isnt working either.
Any recommendations or is there anyway to just log the Response.smali's stuff as text files?
(The request that is ssl pinned is the login request and among others when your logged in, im trying to get the one for the subway map stuff inside when logged in, you can test easier by just attempting a login since that is pinned too)
Hi,
I've just taken a 101-G8 out of its box after about 10 years. I was pleased to find it was still in working conditions, was able to connect it to the wifi, use the installed apps, but trouble started when I tried to browse (using the pre-installed Dolphin browser). Almost all sites give me the 'Web page not available' message. After some trials I found that accessing http version instead of https would work, if the site didn't force a redirect. So I suspect a certificate issue, but I have no clue how to update them. Then I found out that the AppsLib and Market apps are no longer supported, so I can't update or install new apps.
After reading the forums, I know I could try to upgrade Android to something like 4.0 (via Cyanogen), but I'm not even sure this would fix my browsing issues, which is all I need right now (I'd like to use it for my kids to access the doodlelearning.com website). Any advice for me?
Thanks!